
Five Things to Consider for a Successful Intelligence Team - Part 1

July 17, 2014

#1 - Invest in Proper People and Tools

I’ve had the opportunity to travel a bit and “evangelize” about Intelligence - what it is and the basic methodology surrounding it. The “Take Away” portion covers five areas of consideration for organizations wanting to set up their own intelligence shop and be successful. I will be breaking these down in more detail over the course of this five-part series.

Threat intelligence in our industry is evolving. Going beyond vulnerability and threat feeds is a must. To do so, you need dedicated resources that cover both personnel and hardware/software. These team members not only need to have an understanding of security, but they must also be able to provide analysis based on sound intelligence methodology.

PEOPLE: The Intelligence Analyst

An intelligence analyst identifies and retrieves pertinent information that has been collected and correlates that data against additional sources and research. The analyst, utilizing personal knowledge and expertise, then produces an assessment or finished product that is timely and action oriented.

Intelligence analysts should be critical thinkers who are known subject matter experts (SME) in their particular field. They should have the ability to draw conclusions from differing sources of information and to extract the appropriate information within.

Intelligence analysts are not easy to come by. Intelligence analysis can be a difficult concept to grasp without the proper training by intelligence professionals in a structured environment. For example, the Navy and Marine Corps Intelligence Training Center (NMITC) trains Navy and Marine Corps intelligence specialists, Counter Intelligence personnel, Ground Intelligence Officers and the like in this arena. This being the case, it is more practical to invest in recruiting and hiring these trained professionals once their service time is up, and then inundate them with industry training so they gain an understanding of the industry as well as infosec-specific skills.

TOOLS: Collection Management System & Visual Analysis

I spoke above about going beyond vulnerability and threat feeds. I am not saying these are not valuable. We know they are. Big data is making its way into every facet of information security, but how does an analyst properly dissect and make this information relevant? The answer is Collections Management.

With the amount of information flowing to the intelligence team, from both internal and external sources, the staff will be easily inundated with masses of data. This is where a collections management system (CMS) comes in.

To be able to track, categorize and process the collected data, the CMS should be a dedicated database utilized by the intelligence staff, which is both user-friendly and easily queried. An example of a collections management database would be the “Collective Intelligence Framework (CIF),” an open community project that is labeled as a “cyberthreat intelligence management system… That allows you to combine known malicious threat information from many sources…”

Intelligence staff have many tools at their disposal for the collection and processing of raw data, and CIF is just one of them. Prior to establishing a set CMS, the staff should research and evaluate several that are available in order to determine which is the most feasible based on capital expenditure required for hardware and administration.

In addition to collections management, there are great analytical tools available both commercially and publicly, such as IBM’s i2 Analyst Notebook, Paterva’s Maltego and Palantir’s many platforms. These are mainly visual analysis tools but also assist the analyst in mapping out data and visually depicting a problem set that will identify trends, patterns and anomalies.

Identifying and investing in the proper people and tools from the beginning is a great way to get an intelligence program off of the ground. Businesses can find top caliber analysts via veteran targeted job boards, such as:

In addition, job fairs close to military bases throughout the U.S. provide a great opportunity to meet with potential candidates. On the tools side, there are a lot of vendors that are investing in creating and maintaining threat management collection, storage and analysis tools. There are also developers who are actively building and coding to assist the analyst.

Additionally, Development Operations is a great way to encourage a staff to identify gaps in capabilities and begin building their own tools and processes that meet the needs of the organization.


By: Danny Pickens

Senior Director, Threat Management Operations
